Privacy Pass
Privacy Pass is the IETF-standardized anonymous-credential architecture and issuance-protocol suite — RFC 9576 (architectural framework) plus RFC 9578 (issuance protocols). It defines tokens that a client can obtain after passing a check and later present to an origin as cryptographic proof that the check was passed — with the unlinkability property that issuance and redemption cannot be protocol-linked.
Protocol roles (RFC 9576 §3)
Four roles:
- Issuer — mints tokens after verifying (directly or via an attester) that the client passed a check.
- Attester — trusted by the issuer to perform the check (e.g. run a CAPTCHA challenge, verify device attestation). May be the same entity as the issuer.
- Client — holds tokens and decides when and where to present them in scope.
- Origin — consumes tokens; chooses which issuers it trusts; defines what presenting a token means (e.g. skip the challenge, count against a rate limit budget).
See patterns/issuer-attester-client-origin-roles for the pattern-level decomposition.
Issuance primitives (RFC 9578)
Two issuance protocols are defined:
- Privately verifiable — based on VOPRF (RFC 9497). Only the issuer can verify redemption; cheap and fast but tokens are bound to a specific issuer at verification time.
- Publicly verifiable — based on Blind RSA signatures. Any party with the issuer's public key can verify; more expensive but decouples verification from the issuer.
Both rely on blinding: the client sends a blinded element to the issuer at issuance and unblinds locally, so the token presented at redemption cannot be linked to the issuance event by the issuer.
Cloudflare deployment
Cloudflare has supported Privacy Pass since 2019:
- The original 2019 launch was motivated by replacing CAPTCHA challenges for anonymous clients (including Tor users) with a token-redemption scheme.
- Cloudflare operates as both attester (runs CAPTCHAs) and issuer (mints tokens) in the classic deployment; origins are Cloudflare-protected zones.
- The 2026-04-21 post cites billions of tokens per day across Cloudflare's infrastructure, primarily for privacy relay services (iCloud Private Relay — Apple's relay uses Privacy Pass to prove the client has been attested without revealing the client identity to the origin).
Structural limits that motivate successors
Base Privacy Pass tokens are 1:1 — one issuance, one redemption. The 2026-04-21 post flags three limits this imposes:
- No dynamic rate limits. If a client is issued 100 tokens and begins consuming too many resources after the first two, the remaining 98 cannot be invalidated. Handled by ARC.
- Hard for new issuers to emerge. Unlinkability prevents the origin from feeding quality signal back to the issuer ("your tokens correlate with high abuse") — so issuer reputation cannot bootstrap on per-token outcomes.
- 1:1 issuance-to-presentation. Multiple scoped presentations against an origin require multiple issuance round-trips. Handled by ACT: contact issuer once, present many scoped proofs.
What Privacy Pass does not provide
Cloudflare is explicit that unlinkability is a protocol-level property. End-to-end anonymity is still subject to correlation via IP addresses, cookies, account state, and timing — Privacy Pass removes one attack vector, not all of them.
Additionally, Privacy Pass does not:
- Gate access to identity — the client's identity to the attester may still be known (e.g. device identity for iCloud Private Relay).
- Stop deanonymization via side channels outside the protocol.
- Solve the governance problem of who should run issuers — that's the patterns/open-issuer-ecosystem concern.
Relationship to adjacent primitives
- Web Bot Auth — RFC 9421 HTTP Message Signatures for identifiable bots. In the post-bot-vs-human architecture, Web Bot Auth is the identity branch and Privacy Pass is the anonymous branch; both are active signals with cryptographic weight.
- Web PKI — server-side analog of "anonymous + accountable" via CA governance + Certificate Transparency. Privacy Pass tries to build the equivalent on the client side.
- OIDC / OAuth — identity-proof schemes that sit in the corner of the rate-limit trilemma that is decentralized and accountable, with anonymity sacrificed. Privacy Pass explicitly aims at the third corner.
Seen in
- sources/2026-04-21-cloudflare-moving-past-bots-vs-humans — canonical 2026 articulation positioning Privacy Pass as the exit from the rate-limit trilemma, with explicit scale anchor (billions of tokens per day) and the three-limits framing motivating ARC / ACT.
Related
- concepts/anonymous-credential — the primitive class Privacy Pass instantiates.
- concepts/unlinkability — the defining cryptographic property.
- concepts/rate-limit-trilemma — the framing that makes Privacy Pass load-bearing.
- systems/arc-anonymous-rate-limit-credentials — rate-limit extension.
- systems/act-anonymous-credit-tokens — multi-presentation extension.
- patterns/issuer-attester-client-origin-roles — the RFC 9576 four-role decomposition.
- IETF Privacy Pass WG
- RFC 9576 — architecture.
- RFC 9578 — issuance protocols.